Split event into multiples and parse with grok separately

Daniel_Jankech · February 24, 2021, 10:38am

Hello, I'm back with another question. From my understanding split function is used to split lets say messages into multiple lines of code and then you use grok to parse this into a single list of variables. However what Im trying to do is divide my log file containing multiple events into single events starting with keyword1 and ending with keyword2 and parse these with grok. Is this even possible ? Should I split the field externally and send in the separate events ?

I would like to input 1 file , resulting in for example 5 events each parsed with grok and each having its own output.

aaron-nimocks · February 25, 2021, 1:20pm

Can you share your raw data and give an example of expected output?

Daniel_Jankech · February 26, 2021, 2:45pm

Hi , I realised this would not be a correct way of doing things but thanks for the response.

system · March 26, 2021, 2:45pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.